Posted by timothy on Thursday December 19, 2013 @03:40PM from the but-watch-for-the-new-skimmers dept.

judgecorp writes "A new remotely-programmable embedded SIM design from the GSMA operators' group means that devices can be operated on the Internet of things and won't have to be opened up to have their SIM card changed if they move to a different operator. The design could speed up embedded applications."

Did you even RTFA?
This is for the 'internet of things' - Imagine you want to move the anti-theft system in your motorcycle from carrier A to B. Or a city wants to move their digital parking meters to a cheaper carrier. Instead of needing to move a physical SIM you could do it online.
Or an online watch, where there are advantages to having it sealed up, with no SIM slot. Heck even with a 'phone' it's useful. Imagine you arrive in Hong Kong at midnight and you want to move your phone to Vodafone. You don't have to seek out some store and buy a SIM - Just happens presto.

Imagine all of those scenarios except the person/entity making the changes isn't the owner.

Heck even with a 'phone' it's useful. Imagine you arrive in Hong Kong at midnight and you want to move your phone to Vodafone. You don't have to seek out some store and buy a SIM - Just happens presto.

When I travel with my phone, I don't even want to turn it on before I put in a new SIM for the local system. Turn it on, it registers with the local carrier and your home carrier starts forwarding calls to it -- at international rates.

I certainly don't want "presto" reprogramming my SIM. I don't want to have to call my home carrier to tell them to move it to X, and then X to have them move it back, and have one or both of them charge me for the privilege of screwing it up so I have no working phone at all. No thanks. That's one of the benefits of having GSM versus whatever. The phone is the SIM, and I can carry more than one to be more than one thing. And I can use the second SIM in my backup phone without it costing me a second plan on both carriers.

It's YOUR phone. You should be able to do anything you want with it, and use it with any carrier of your choice. I see no justifiable reason why "someone else" should have control over ANY kind of "remote" control over it.

As I wrote to someone else: that's trading freedom for a little bit of convenience. In the long run, that will turn out to be a bad trade almost every time.

This is stupid. Moving a physical token is easier, faster, and more intuitive than digging around for credentials to some website or worse yet, dealing with your mobile provider to transfer an account. It's nice to know if my phone breaks, I can grab my previous model on the spot and shove the sim in and have a working phone without trying to deal with the provider. Even more so if I am playing with ROMs and hacking away at a couple pieces of hardware.

Doing things online to physical devices is usually slower, less efficient, and less intuitive.

What else would your motorcycle use? Parking meters? Your burglar / fire alarm? Telemetry at a natural gas junction? Traffic sensors? The wrist band to track granny when she has Alzheimer's? The "Next Bus" sign at your local bus stop?

...and that's off the top of my head in 30 seconds. I'm sure there are many more.

The rubber plugs are for the USB and headphone sockets. When was the last time you saw an iPhone with a MicroSD card slot or replaceable battery? If there was no MicroSD card, SIM card and no replaceable battery, there would be no need for the removable back cover, that tends to fall off every now and then after two years of use.

Head phones can be replaced with bluetooth, charging can be done wirelessly, plugs can be made water proof.

The thing is, everyone makes their phones as thin and dense as possible. Which means they sink like a stone. A couple months ago, I watched a person pull a stocking hat out of his coat pocket... the same pocket his iPhone was in... a fraction of a second later, there's a sickening little splash sound and a short time after that, the realization that his phone had become lodged in marina muck under 15 ft of saltwater. Unless the phone floats, accidental plunges only protects against toilets and mud pudd

Well one reason I would like this is that the nano SIMs in a lot of current phones are simply too tiny to easily change while on a plane. I travel for work to several different countries and have a local SIM for each. Trying to manipulate and swap out those tiny SIMs while cramped up into an aeroplane seat sucks.

I could wait until I arrive I suppose, but it's something useful to do while you have dead time on the plane, plus there usually isn't a good place to do it when you arrive and are herded into the i

Not only why? But I don't want it. This seems like a huge step backwards for consumers. One of the great things about GSM vs CDMA is the ability to move a phone from carrier to carrier or a number from phone to phone. I don't want an embedded sim that only the carrier can change and I can't swap to a different handset or carrier. Some things I routinely do are swap a sim when in a foreign country or put my sim into an old cheap phone when I take it to the beach or if my phone is acting up, dies, or needs to be charged.

Good thing it isn't intended for consumers, then. Look, I know this is Slashdot and it isn't cool to RTFA, but, really, from TFA:

Despite the convenience of over-the-air management, the GSMA says the embedded design is not meant to replace conventional SIM cards, even though this exact idea was floated when ETSI was deciding on the future of the nano-SIM in 2012.

Do you want your smart electric meter to stop talking to your electric company because they're switching network standards and don't have time to send a technician to change SIM chips in every meter in the city? With this, your meter can be reprogrammed to connect to an updated network without a service call to your house.

I'm not convinced of that. Swapping a sim is something I can do myself quickly and easily. Will I be able to reprogram these myself or will I have to call up one or possibly both of the carriers involved and ask them to do it? How long will that take? Hours? Days? Will scummy "virtual carriers" be able to "hijack" devices and bring them onto their "network" without the owner's permission? Will it be reasonably possible to transfer a device between carriers in different countries?

The point is that in many places it is not legal to put in a phone "in jail" in the first place. So if they want to get rid of physical SIM card they need a non-physical way of changing the phone to a different provider on the fly.

Considering that they explicitly say: "... remotely assigned to a network. This information can be subsequently modified over-the-air, as many times as necessary.", odds are that this will be a repeat of the procedures followed on CDMA networks where it is entirely the Carrier to take care of a change, and who can choose not to should they not sell/support the device you wish to use.

It's a bit more complicated than that since all the carriers in the US use wildly different frequency bands. I've got a Lenovo S750 (waterproof and all that) that I love, but can't get over 2G speeds due to all the spectrum issues in the US. Also, it has TWO sim cards so I can be on multiple networks at once. Lucky for me I'm usually in range of wifi so it's not really a problem. Streaming Pandora while I drive down the road is about the only thing I miss, and I didn't do that much anyway.

Sounds good in theory, just so long as the "remote provisioning" can be handled by the user of the device, and the user doesn't have to ask permission from anyone.

Don't be silly, it is precisely that capability which the carriers want to eliminate. There is nothing wrong with SIMs. You know when you change out your sim card that your ties with the prior carrier are interrupted. Who knows what information this scheme will provide to your prior carrier, or government monitors.

This seems more likely to provide protection for Government wire tapping than any benefit to the user.

Don't be silly, it is precisely that capability which the carriers want to eliminate.

Yeah, if *you're* not controlling the access to the SIM module, then *somebody else* is. If anybody can think of a secure way to make this happen without the user losing control, please leave a comment.

There already is one. The phone already has a unique ID as well (that you aren't supposed to be able to change, and in some countries is illegal to do so because it's used to black list stolen phones), called the IMEI number. The SIM card has an IMSI number.

This also means that users can no longer swap the SIM card to move a device between carriers (e.g. putting in a local SIM when traveling). I doubt that the carriers are going to make this easily changed by users, since it means less lock-in.

It also means that you have to go through your carrier to change your device. Regardless of where or how you obtain your device you will always have to go down to your local shop and have them push the config.

This buzzword annoys me even more than Cloud. Cloud has more or less become common vernacular for describing Internet-connected servers which you may or may not own, but the term Internet of Things seems to imply that a) there were no "things" on the Internet before now and b) the "old Internet" simply isn't hip enough to run more devices, and you should be clambering all over a vendor to be a part of it. Ugh.

cloud was inevitable; every network diagram I've ever seen always represented the internet as a "cloud".

I've always thought it was perfectly appropriate too. It's a relatively opaque amorphous network outside of your direct control, there's "stuff" in it, you can connect to but you don't really know what or where it is.

And cloud storage and cloud compute etc is literally moving those servers on those diagrams INTO the cloud. :)

So cloud doesn't bug me as a term at all. As a trend it offends me greatly, since

There are a lot of things that I can imagine that wouldn't be described as computers, but could be on the internet. Home security systems. Garage door openers. TVs (okay, that one is arguable). Washing machines, driers, ovens... any number of things that, w/ an embedded kit, could be remotely addressable and controlled from outside. Like you're on the road when your spouse calls you, telling you that s/he is stuck outside. Or you've left home, but remember after 10 minutes that you forgot to turn off

I can see the utility, but this seems like a security issue. Isn't one of the purposes of the SIM to provide a physical identity chip? Why does it need to be programmable? Shouldn't you just say 'this SIM now has access to this network'?

I probably just don't understand the function of a SIM card well enough to get the significance of this. Can someone clarify? I am not 5, FYI, and I can understand multi-syllabic words.

How long before the market for phone serials is just as big as credit card data? I would imagine this technology to be jailbroken in hours and then the bad guys can easily change phone numbers. Imagine being able to change phones in-between calls, or how about randomly using a stolen one... That said, I do feel moving this to software is a good idea. As long as I can switch carriers as easy as the carriers can switch it.

1. Normally, when you have service, it's attached to the SIM, not the phone. With this new embedded SIM model, this goes away. Your service is attached to the phone. Bad.
2. Remotely programmable means that it will be even easier for hackers to fuck with your phone. Bad.
3. Your phone is really no longer your phone. The carrier will have ultimate jurisdiction over the phone, unless you pull the battery. Bad.
4. If I lose or seriously damage my phone, my SIM is gone, and I HAVE to buy a new phone and activate it again. Bad.

I won't want a phone like this if this is how the carriers want to do business. I'll keep my removable SIM card thank you very much.

You hit the nail on the head. With CDMA providers, unless you buy the device from them, AFAIK, they won't allow it on the network. With GSM providers, if you had an unlocked device with the proper antenna bands, it would work without issue, and just swapping the SIM did the job. No calling up and pleading for permission to use the device, just a card swap and perhaps a power cycle.

A simless device gets us back to the bad old days. With those, I have to beg/plead with the telco in order to have a device

And what will you do? The majority of people are only brain dead and arrogant meat, which calls people like you tin foil lunatics, and buys those phones if it thinks it can save a fraction of a cent. Given enough buyers, piece by piece SIM card phones will vanish. Even if you stockpile a few phones, what if the carriers won't support them anymore? Stop using cell phones at all?

To fix this issue, the GSMA has developed a non-removable SIM that can be embedded in a device for the duration of its life, and remotely assigned to a network. This information can be subsequently modified over-the-air, as many times as necessary.

What this seems to do is take control away from the user, who could swap SIM cards, and give it to some carrier. This looks like something where you beg and plead with your old carrier to let you switch your device to a new carrier. There's a lot of elaborate key management in this system, and compromise of certain keys could break the whole system.

What this seems to do is take control away from the user, who could swap SIM cards, and give it to some carrier.

When you say "seems to," do you really mean "could possibly some day"?

No, I mean that's what the documentation seems to say. The user can't swap SIM cards when there is no removable SIM card. It has to be done remotely. From the documentation, it seems that the carrier has the keys to do that, but the user does not. Some devices start out in "provisioning mode", from which point (I think) the first carrier to talk to the device downloads a profile and has control of the device until they release it. Or the device might come pre-locked to a carrier. Whether the user can forc

I'd be OK with this, under one condition - a hardware-based write protection lock that is absolutely 100% not able to be bypassed or circumvented in software.

I'll never understand why this incredibly basic feature that is so easy to design, cheap to implement, and valuable to device security went the way of floppy disks. How awesome would a thumb drive with a hardware write lock be?

Your hardware lock would negate the advantage of the embedded SIM design. The reason for embedded SIM is that you can remotely change the carrier, phone#, etc. without having to physically access the device. This is intended for use in devices such as cars, machinery, etc. It is not intended for use in your phone (most people here seem to have missed that little detail). If you have to physically access the device to flip a hardware lock, you might as well just use a regular SIM.

Fair point. I can envisage scenarios where modifying the SIM remotely would be helpful. Then again, I can envisage scenarios where it could be a very, very bad thing. My main point was user empowerment - if I can choose between two models of a device, one with a hardware lock, one without... I'll be happy with that.

Not like cellular device security is anything but an oxymoron anyway...

Preventing the need to open up devices to swap a SIM could be easily resolved by using a simple spring-loaded insert/eject slot for SIM cards (the same way most SD card slots work). That this is because of the "Internet of Things" is a cover story, and a weak one. What's more of a hassle? Spending 30 seconds to swap SIM cards or spending 30 minutes on hold before mentally parsing the unintelligible engrish of a slave-wage phone drone?

This is a solution to a problem that doesn't exist. The only "problem" this solves is enabling the carriers to revert to the abusive and restrictive CDMA model.

Preventing the need to open up devices to swap a SIM could be easily resolved by using a simple spring-loaded insert/eject slot for SIM cards

That would still need physical access to the device, which is the problem this proposal is actually trying to do away with. It might also (speculation on my part here, but doesn't seem unreasonable) run the risk of causing more problems when users brick their phones or SIMs by popping the SIM without turning off the phone.

This is a solution to a problem that doesn't exist to me.

FTFY. There are plenty of use cases where this would be an incredibly useful facility. Just because none of them personally impact on you doesn't mean this is automatically a nefarious conspi

So...GSM now has an ESN? All this talk about the "Internet of Things" is really just saying that the devices are getting the equivalent of a MAC Address and can be remotely provisioned. And phones will still have SIM cards.

Guess there's nothing wrong with that, but I thought there was a big reason for GSM's push to have SIM cards in the first place.

SIMs that can be fully reprogrammed by OTA already exist.
All SIMs support changing the identity (IMSI) and a few also support changing authentication data (Ki, Op, algorithm).
Most likely this is just a method to take away one of the subscriber's freedoms - to become somebody else's subscriber.

It's basically a watered down TPM that has a unique ID, a few kilobytes of storage, and a cryptographic key set. A physical device like that makes it difficult to replicate the functionality of the SIM card, making it harder to make one device use the credentials and system identity of another device. (EG, it makes it harder for an attacker to steal your network identity and make lots of 1-900 number calls, which will then show up on YOUR bill, amongst other things-- like framing you in a murder by making all his calls with your number, etc.)

Making this an easily reprogrammed internal chip makes that physical level of security go away.

I live in the USA and I'm in the UK right now, using a local SIM. If you don't offer that capability, you've shrunk your market to only the people who don't travel (hint: not the ones who tend to buy the fanciest phones).